the retention period for the records and if storing them in the cloud affects your ability to keep them for the full period

whether you can specify what format certain records will be stored in–some cloud providers use file formats specific only to them, making it difficult to access and return those records

having provisions in place to regularly monitor or check on the cloud service provider–this will help you to ensure that records are being managed and stored correctly, particularly if any responsibilities or legislation have changed

how to prove that the records stored in the cloud are complete and reliable–if the service provider does not maintain appropriate audit trails, metadata and descriptions of management processes, the evidential value and integrity of your agency’s records is damaged

if you can tailor the service to your needs–if the cloud provider has a ‘one size fits all’ approach it may be more difficult to ensure you meet your legislative obligations.

Your agreement or contract with the service provider should:

detail recordkeeping requirements including ownership, access, storage, disposal, the transfer of records and any other responsibilities for the records' management and care (e.g. specific formats)

be constructed to ensure provisions will apply in future, even if administrative or MOG changes occur

include provisions allowing you to regularly monitor records stored in the cloud.

Staff using these services should be aware of their recordkeeping responsibilities and ensure that they capture all business records.

2. Retention and disposal

Records must be kept for the full retention period and legally disposed of.

You will need to think about how records:

will be stored if they have long retention periods–the cloud is not designed to preserve information for the medium to long term

will be managed–make sure you can keep track of your records, the associated data and how many copies there are and where

will be destroyed legally and correctly–you need to be able to destroy all copies of records and the associated data–this may be difficult depending on how well you can keep track of your records

are deleted and when (including associated information, back-ups, recovery files, metadata, control records, and any ‘deleted’ data).

Your agreement or contract with the service provider should:

include provisions for how and when records can be disposed of

provide authorisation to destroy records (if relevant) and the conditions under which this can occur

delegate responsibilities to destroy records (if relevant), including which records and when (e.g. control records, metadata, backups).

3. Legislative considerations

You must ensure complete and reliable records of your business activities are created, kept, managed and lawfully disposed of.

Consider your legal obligations in Queensland and the legal issues and requirements if a service provider is in a different state or country.

Service providers based or registered internationally are subject to the laws of that country, and possibly the laws of other jurisdictions. These laws may apply to the information and records they store or manage on your behalf, even if that information is stored in Australia.

Your agency’s legal team may need to:

ensure the agreement includes provisions covering legislation that may impact on the agreement

4. Custody and ownership

Records created by your agency or records that document your agency’s business are public records and are owned by the State of Queensland or relevant Local Government. This includes associated metadata and control records.

Consider:

potential issues regarding custody and ownership of records–particularly metadata and control records

who owns what–you own the records but you don’t own or control the infrastructure or systems that store the records (ownership of metadata could be unclear).

Your agreement or contract with the service provider should:

clearly state who has ownership of records and the custody arrangements for the records

include details of who owns which records–not just the original record, but metadata, control records, and backup copies.

If these factors are in question, talk to your agency’s legal team.

5. Access and use

Access to records should not be reduced or inhibited, and access restrictions need to remain in place.

Consider:

how you access records–ensure you are not losing interoperability or integration between the information and business systems

your ability to access the records–is it sufficient to support business needs (including RTI requests, legal discovery)? How long does it take to access the records? Which records do you need to access continuously or regularly?

your ability to access your records if the cloud provider goes out of business, is sold, or if their processes, terms and conditions, or legislation changes–protection of information and data may be inadequate or non-existent.

Your agreement or contract with the service provider should specify arrangements for:

continued access to regularly required records

accessing records during downtime or maintenance of the service

accessing records for monitoring or compliance purposes

details of access restrictions and requirements–this depends on the records’ type and security classification

any other access requirements and restrictions (e.g. preventing external unauthorised access to records).

6. Security, storage and handling

Records must be stored and handled in a way that ensures their security and preservation.

Make sure the cloud provider has sufficient security and processes to ensure your records remain protected–even from anything else stored on the same server or system. You may need to find out how often they check the security and integrity of stored information and how many of their staff will be able to access your records.

Using cloud storage can increase the risks of unauthorised access because:

the cloud is a shared environment

service providers can subcontract operations

security may not be as strong as if it was in-house

the cloud relies on having a secure internet connection.

Some of your records may have specific privacy requirements, for example personal information. Find out what privacy requirements apply and if the provider can comply.

Your agreement or contract with the service provider should include provisions about the storage and handling of the records, particularly:

7. Disaster preparedness and business continuity planning

Records need to be protected from disasters. Agencies need processes in place to prevent and recover from incidents such as data corruption, migration failure, and lost records.

Consider:

the provider’s ability to restore services and records in the event of a disaster or other unforeseen circumstances

how they back up client data and information, including when, where, why, how, and what data is included (e.g. multiple back-ups, back-ups in multiple locations–see back-ups for business continuity planning)

how quickly they can restore services and data

whether they can restore specific records or sets of records as opposed to all of them. Does this include metadata and control records?

Your agreement or contract with the service provider should:

outline responsibilities for the protection and recovery of public records in the event of a disaster or incident

include provisions for accessing records during or after a disaster or incident.

8. Completion of agreements

You need to put arrangements in place for returning records at the end of an agreement.

You should:

ensure that all your records are returned unless lawfully destroyed

check whether there will be any difficulties returning records and metadata–talk to your IT area (strategies to mitigate these can be included in the planning stages and the agreement)

consider what data remains with the service provider and how it will be managed and/or deleted

check what the cost to your agency would be for ending the agreement, either early or at the agreed time.

When records are returned, check:

all records, including control records and metadata, have been transferred

the information and records are still usable and accessible

the records are complete and match the metadata

digital records have not been corrupted or made unusable as a result of the transfer.

Your agency’s IT specialists can help make sure digital records are still usable and have been migrated correctly.

9. More information

The following tools and advice may be helpful when developing an agreement.